#+title: Orion #+subtitle: Orion checks for compromised passwords using Have I Been Pwned API #+export_file_name: index #+setupfile: ~/.emacs.d/org-templates/projects.org | Website | https://andinus.nand.sh/orion/ | | Source | https://git.tilde.institute/andinus/orion | | GitHub (Mirror) | https://github.com/andinus/orion | * Demo - Orion v0.1.0 :: https://diode.zone/videos/watch/ffd4021d-2b39-4e6a-993e-3eacf9323320 * Documentation ** Implementation Initially it presented a simple prompt that accepted a password & it checked that password against HIBP database. Orion v0.2.0+ checks for compromised passwords in my password store. It builds a list of all the passwords in =~/.password-store= & performs these operations on each file: - Password is hashed & split (prefix: [:5], suffix: [5:]) - Prefix is sent to the HIBP API - HIBP API returns list of suffixes along with frequency - Orion looks for suffix from the list of suffixes Match means the password is present in HIBP database & has been compromised. - *Note*: Password not present in database doesn't mean that it is a strong password. ** Options *** verbose This option does nothing. * History Orion v0.1.0 was a simple cli application that asked user for password & returned the results. I never used this because I don't generate password in head, ~pass~ is my password manager & it stores all my passwords. Orion was ported from Go to Raku.